How do you get the wpad.dat file to work for non domain clients?

I have set up the DNS and DHCP options to enable my clients to automatically detect proxy settings by using the wpad.dat file on my ISA server. I have also managed to set exclusions where needed and it all works perfectly for any client that is already a member of my domain.

We have recently implemented a complete wireless solution throughout our entire organisation which also includes a guest account. Thsi guest account only gives access to the internet via our proxy/ISA server. What I am trying to do is to allow non domain clients to be able to automatically detect proxy settings to allow them to access the internet throught the guest wireless lan. It does not work and I am fairly sure that this is because the wpad.dat fileonly points to the server via it's name and not it's FQDN i.e WEB01 and not WEB01.domain.co.uk. If I type http://web01.domain.co.uk/wpad.dat on a client connected to the guest network but not on the domain it finds the file. If I leave off the domain.co.uk bit, it doesn't.

If I download and edit the wpad.dat file the entry is web01 under makeproxies and I am thinking I need it to say web01.domain.co.uk but I can't for the life of me figure out how. Any help would be greatly appreciated.

Also is you DHCP server giving out option 006 DNS servers that will resolve OK and 015 domain name as domain.co.uk or not? i.e can you PING wpad without the domain name from a foreign client PC connected

you could create an alias on the dns server the non domain client pc is using
web01 as an alias to web01.domain.co.uk
or if the pc is not using any dns server administered by you personally add the alias to the hosts file of the client pc
c:\WINDOWS\system32\drivers\etc\hosts
add a record like this
X.X.X.X web01.domain.co.uk web01
where X.X.X.X is the ip of your web01 server

The wpad.dat file is dynamically created BTW which is why you can't find it and edit it - it doesn't exist as such except in the memory of the ISA server. It might be down to the domain name on your ISA / proxy server in tcpip properties or the advanced button where you name the computer... i.e. so that it knows it's own domain name -- it could be this is not completed if the ISA server isn't on the windows domain.

The only problem with theruck's answer is that we are a college and so have in excess of 27000 students who could potentially want to access this guest network with their own personal laptops. Not sure I'd want to change the hosts file on all of them :-\. Web01 is in DNS as an alias and the clients are being assigned IP via DHCP including the DNS server.

Took me a while to fiugre out that wpad.dat is an invisible file but you can download it from a browser and look at it and it all seems to be in order. It is possible that the problem is because our ISA server is not in the domain, but then it does have a host record in DNS.

in option 252 I have got http://web01.domain.co.uk:80/wpad.dat which I am fairly sure is right. Like I say, automatically detect settings works fine for a client on the domain just not for one that isn't, even though it looks like it should. V.frustrating.

You could always put in the IP address then in option 252.... what happens on the client PC's does it start working if you add a HOSTS entry -- that would help point to that being the only issue before we look deeper.

Also is you DHCP server giving out option 006 DNS servers that will resolve OK and 015 domain name as domain.co.uk or not? i.e can you PING wpad without the domain name from a foreign client PC connected to the network OK?

Not entirely sure what has happened, don't think I did anything differently but it has suddenly started working LOL. I am pretty sure that nothing has changed since I tried it an hour ago but you can never be too sure can you??!!

Thanks for all your help, it was nice to have confirmation I wasn't doing anything obviously stupid and both of your answers were correct. For anyone else trying to do this then I would advise doing everything as advised on this site and on the MS site and then waiting a while before trying it again.

First time i've posted on this site so not sure if I can give both of you points. I will give them to dragon-it first as he has posted more comments and if I can I will give some to theruck as well. If I can't then sorry theruck but many thanks for the help.

Sorry theruck. If you want me to sort out a split then will do the stuff with community support.

Admaski: Glad it is sorted out.... everyone has problems working out how to split points etc. here. There is an obscure link at the bottom of any questions you make titled "split points" which does what it says on the tin...

Steve

0

Featured Post

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop.
Interesting thing was the fact th…

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that.
In this Article I'll show how to deploy printers automatically with group policy and then using security fil…

Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…